Should you be worried about Ubuntu Desktop’s privacy settings?

April 4, 2012 10:05 pm

Ubuntu 12.04 LTS (Long Term Support), aka Precise Pangolin, will be released towards the end of this month. Like most distribution releases, it will come with its share of new features, enhancements and bugfixes.

You will find one of those new features in System Settings, the hub for most graphical administrative tools in Ubuntu and GNOME 3 desktops in general. The tool or application is called Privacy. What it does is not new per se, but new in the manner it executes them.

Since Privacy is not available on current and earlier editions of Ubuntu, you need to be running a pre-release edition of Ubuntu 12.04 to see first hand what is being discussed in this article. If you have such a system, you will find Privacy in the System section of System Settings, that is, in the lower section.

This is Privacy’s main view. It has four tabs. What it does, is record application activities on your computer. And there is nothing new about that. On a KDE desktop, recording such information (meta data information), is enabled out of the box, just as it is also enabled in pre-release versions of Ubuntu 12.04. On the Recent Items tab, you can modify the duration that recorded information is kept. By default, it is “The past hour.” Recording information is a good thing, but like I wrote earlier, this is nothing new.

On the Files tab, you are given the opportunity to deactivate recording for certain file types. But how useful is this? And what difference does it make, for example, if you deactivate the recording of activities for email-related files? From my perspective, it makes no difference. On this tab, you can also deactivate recording activities in specific folders. Again, what purpose does it serve?

On the Applications tab, you may deactivate logging or recording of activities for specific applications. Not to belabor this, but what is the point?

On the Diagnostics tab, you are informed that “Ubuntu can collect anonymous information that helps developers improve it.”

And that, is the part that needs to be explained. Is the collected “anonymous information” limited to those related to crashed programs or does the system send all recorded activity from the other tabs to Canonical’s servers? Linux distributions use a program called Smolt to collect and send hardware information from Linux systems to a central server (Smolt server), but that information is gathered right after installation and is not sent without your consent.

The screen shot below shows what I am referring to. If you have installed any Linux system, you have probably seen it. By the way, this screen shot was taken from a test installation of Fedora 17 beta (not yet officially released). Information gathered by Smolt is totally anonymous, related solely to hardware, unlike Ubuntu’s Privacy, which seems to record all application activities on your computer. It is not clear to me how often recorded information is sent to Canonical’s servers. That is why this Privacy thing needs some clarification.

Also on the Diagnostics tab of Privacy, you are further informed that “all information collected is covered by our privacy policy.” But what exactly does that Privacy Policy say? It just so happens that the Privacy Policy is the same Privacy Policy that governs what information is collected and what Canonical does with that information when you visit their websites.

What type of information does Canonical collect when you visit their websites? The Privacy Policy states that:

Like most website operators, Canonical collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, referring site, and the date and time of each visitor’s request. Our purpose in collecting non-personally identifying information is to better understand how visitors use our websites and services.

When you register to use certain parts of our websites, such as wikis or message boards, we ask for personally identifying information such as your full name, email address, and a password.

Nowhere does it state whether the most important personally identifiable information – your IP address, is collected. But you can be sure that it is (collected). So, why does the Privacy Policy not even refer to it? But it does state that your “full name, email address, and a password,” which could be fake, is collected.

After collecting all “non-personally identifying information” about you, what does Canonical do with them? The Privacy Policy states that they could be used:

To comply with legal and regulatory requirements (including responding to subpoenas and to prevent crime). These special circumstances may require us to disclose personally identifiable information.

And that is the same policy that applies to any information that is collected from your desktop by Privacy. I hope that I am wrong, but your new Ubuntu system could be used to spy on you. I really have no problem with recording desktop activity to make the system more user-friendly, but when such recorded information could be sent to a remote host, then I start to worry.

Subscribe to LinuxBSDos.com

Subscribe to receive the latest articles in your Inbox

I agree to have my personal information transfered to MailChimp ( more information )

Zeitgeist is a service which logs the user’s activities and events (files
opened, websites visited, conversations held with other people, etc.) and
makes the relevant information available to other applications.

It serves as a comprehensive activity log and also makes it possible to
determine relationships between items based on usage patterns.

This package contains the gnome control center integration.
It lets you control what gets logged by Zeitgeist. It supports setting up
blacklists according to several criteria (such as application or file types),
temporarily stopping all logging as well as deleting recent events.”

i don’t know how to read source code yet well enough to determine what exactly the various aspects of data collection in my linux distrobution does. i want to but, we don’t all have the luxury of time. however, since i’ve joined linux i’ve seen zeitgeist in my resources and i’ve seen the hidden files in my home folder and it feels a hell of a lot like windows. i came to linux to feel free’er and less of a marketed information goldmine. yes, i will uninstall zeitgeist. yes, i will do workarounds for the other activity monitors but, i believe this kind of Shit, should be explained in the welcome info that all the windows converts read before moving over so they can determine how to deal with these types of things BEFORE they find out about it weeks or months or possibly years later. it’s just the, considerate thing to do. and, i read this post and applaude it. yes, he/she made remarks like ‘so what?’ and ‘again, what purpose does it serve?’ and i can see how those things can be taken multiple ways but, from my take on the whole post it’s been excellent about telling people what the ubuntu community DOESN’T tell you. even if these data collection things are playing by nice rules, people should effing know about it before hand without having to browse hidden files and learning every package on their installation before they know which ones might even remotely be sending information. asides from that, it’s just bad when the first thing someone should have to do to circumvent the aforementioned when joining linux is google what packages are collecting information like the quoted reference in the beginning of this reply. plain and fucking simple. end of story.

First Canonical/Ubuntu is attacked for not supporting Gnome enough and now that it includes new Gnome features it is attacked for doing so as well.

I don’t like Canonical/Ubuntu much but I certainly wouldn’t post something as asinine as this pos. Posting the same thing but without the ‘Ubuntu Desktop’ headline would be more tolerable, though as others have pointed out you apparently haven’t done your homework with regards to zeitgeist.

This privacy mess is typical for any free product. If it does not cost you anything than obviously you, the user, are the product. Facebook and Twitter ring a bell? How do you think they make money? By profiling you so they can sell that information and/or shove better “personalized” ads down your throat. Now think about the recent news articles about Ubuntu TV. What keeps TV afloat? Ads. What do they need for effective ads? They need to know everything about you, the user/viewer/consumer. If you don’t like that then don’t use their products.

Our privacy is rapidly becoming a more scarce good than fist-size diamonds. The choice is yours if you want to safeguard (some of) your privacy or not. I do value my privacy so the moment I saw the Privacy settings in 12.04 I saw the writing on the wall and switched from Ubuntu to Fedora & CentOS. With Fedora at least I know that *I* am not the product because Fedora is a conduit to Red Hat Enterprise Linux which brings in a billion dollars of revenue. And Fedora or CentOS do not collect any information about what I do on my boxes. Feels a lot safer to me.

Realize that your privacy does not come with a refund. Once it’s “sold”, you can never go back. Why not err on the side of caution and avoid that which will take from you what you can never get back.

Well, don’t mess up things. Free software means free as in Libre. Nothing to do with Facebook, Google or Twitter. And to reply to the initial post, just look at the source code and don’t loose your (and our) time speculating on thinks you obviously don’t know very well.

Alas, the world is now gearing towards a bigger brother that is watching you.
Even real free operating systems has to follow the rules which are dictated by law.

Nobody is allowed to escape and every attempt will be seen as a factual future crime.
And all this is an inevitable part of our present-day life in just about any modern country.

In the end, humanity will learn how to deal with this accelerated evolution of technology
the hard way to eventually come to a higher level of understanding.

We just happen to be in the early stage of it and are likely to experience a lot of malevolent acting by early adapting governments, operated by the first resentful souls
of the previous generation that encountered the first mishaps of the new high velocity tech-evolution.

This article is bizarre. Firstly it documents several sensible privacy-enhancing options and asks “what is the point?”, as though privacy were unimportant. Then it asks whether the option to send “anonymous information” to Canonical is actually lying and sending information that could be personally identifiable, as though Ubuntu were not an open source operating system (the source code is right there: see for yourself whether the option is lying or not). Most bizarre is the contrast between these two positions: on the one hand the article cares so little for privacy that it sneers “so what?” repeatedly as it lists Ubunutu’s privacy features; then a moment later it’s so paranoid about privacy that it thinks an open source operating system might be sneakily misinforming users about what it’s really doing, despite the ease with which the users can check this for themselves. Bizarre.

For all purposes, the mentioned “privacy settings” are good for nothing. Even if logging stays enabled, it is on your PC – it is you who can review it. Not much sense in holding your private info away from yourself.

On the other hand, sending a slew of personally identifiable information to somebody’s server somewhere is by default a gross violation of the privacy. Putting it in the same category as the activity logging on your own PC is like putting in the same category the right to speak your mind and the right to shoot someone.

Why would you need to be worried about having this stuff consolidated into one place and explicitly there for the purpose of controling your privacy rather than invading yoru privacy? Would it not be much more rational to be worried about using operating systems that don’t have privacy controls built in?

The article asks good questions, but in my view also presents the matter in a too suspicious manner, considering the lack of some essential facts. I have to wonder, why didn’t you ask Canonical or some Ubuntu developers for their view on the matter before writing the article. That could have answered important questions, and left less room for speculation – and would have served your readership better.

Wow! I don’t think I’ve read a more disingenuous article in a long time.

First of all, the code is all open source. Just download the source package, and you can see exactly what the code does. Unsurprisingly, it does exactly what it says it does! As it says in the dialog, before a crash report is sent you have the opportunity to review the information that will be sent and/or cancel the report.

I’m very skeptical that Canonical is collecting information about chat logs and web browser use. They’ve just consolidated things into one menu for easier use, instead of forcing the user in Empathy/Pidgin to turn off local chat logging, then going into the file manager and clearing recently used files, et cetera.

Ubuntu 11.10: install activity-log-manager and you get the functionality described above.
Additionally I move browsercache to /dev/shm/ in about:config of firefox and make /tmp and /var/log a tmpfs in fstab.